Written by Mark Johnson, Senior Director of Global Alliances, Arcserve

As we all know, the COVID pandemic triggered a rapid and widespread shift to remote work that persists today—and for good reason. Remote work offers many benefits. It gives employees greater flexibility over schedule, eliminates commute, enhances health and happiness, and boosts productivity. There are also downsides, of course. For one, the rise of remote work introduced a host of cybersecurity concerns, as employees who work outside the office don’t have the security features that go with it.

Are companies responding? Many are not. For example, only 38% of financial services companies have a backup and recovery solution for remote employees, according to an eye-opening new study from Arcserve. It is a risky proposition. Financial services companies that don’t have a security solution for remote employees expose themselves to a wide range of serious threats, including data loss, regulatory noncompliance, and operational disruption.

Of course, the situation may not be as dire as that 38% number suggests since much of the data held by financial institutions probably doesn’t exist on employees’ devices. Most of it resides on secure servers, either onsite or in the cloud. Indeed, employees aren’t even allowed to save files to their desktops at many financial companies. They must log into remote virtual desktops or save data on SharePoint or OneDrive, both cloud-based. Strict controls and monitoring capabilities are in place because the main goal is to have as little data as possible on individual devices.

Where remote backup falls short

The financial sector is in pretty good shape regarding security. But if we consider remote workers outside the financial services sector, where regulations and security measures are typically less stringent, we can identify serious issues.

In many industries, individuals are allowed to save data to their devices, which poses a problem. Backing up remote workers is always a challenge because, in many cases, organisations aren’t managing the devices themselves. Instead, they focus on controlling access to company or web-based resources like Microsoft 365, NetSuite, and Salesforce.

Most companies don’t secure remote devices adequately, and even when they try, protecting those devices is inherently difficult because they’re constantly on the move. Traditional backup and recovery methods often fall short when the laptop is unavailable or offline. Not all backup and recovery software solutions automatically resume backup when the device comes online, resulting in days of data loss.

That’s why, with the rise of remote work, the goal is to store as much data as possible in the cloud or corporate servers and reduce reliance on individual devices. This way, if a laptop is lost or damaged, data remains accessible. Like transferring data to a new phone, the idea is to enable users to log in and access their data seamlessly. However, achieving this goal is challenging due to the offline nature of remote work.

Four keys to protecting remote data

In the context of remote working, here are four key lessons and security best practices that organisations can learn from and adopt.

1: Centralize your data

While some individuals may have copies of data on remote workstations, the goal should be to centralise data on corporate servers or cloud-based solutions like Office 365, Salesforce, NetSuite, or a similar platform.

2: Secure remote devices

Whether it’s a laptop, iPad, or home computer, all devices serve as a gateway to corporate systems. For instance, the laptop on my desk is the portal through which I access applications like Salesforce and Office 365. The goal is to enhance the security of these devices. The approach should include robust endpoint security, strong authentication, and regular updates to protect devices from malware, unauthorised access, and known vulnerabilities.

3: Train your users

It’s worth emphasising that many vulnerabilities arise from compromised user credentials. These credentials aren’t limited to super admins or high-level staff. Even regular user credentials can be exploited to wreak havoc, especially on platforms like Microsoft 365. Ensuring that your users are well-informed and vigilant is crucial. Ultimately, organisations should aim to foster a culture of security where every employee understands their role in maintaining cybersecurity and feels responsible for protecting sensitive data and systems.

4: Continuously update your policies and procedures

This best practice applies to security, backup, recovery, and user access policies. These must be updated regularly to keep pace with changes in your environment, such as introducing new applications. For instance, if you look at some major ransomware incidents, many were executed using outdated credentials. When employees leave a company and their credentials aren’t promptly revoked, it creates a vulnerability. Falling behind in policy updates can lead to mismatches between your policies and the data you must protect, whether for backup or security purposes.

Final takeaway

The global shift to remote work has brought both opportunities and challenges. While remote work offers enhanced flexibility and adaptability, it has opened up cybersecurity threats and increased data vulnerability. Considering these issues, there are overarching lessons and high-level security principles that all organisations should heed. These are especially important now that we live in an era where remote work is not merely a temporary response to unforeseen circumstances but an enduring and integral component of the contemporary organisation.